Data Protection Policy

Last modified: 1st February 2019

 

Alan Attard is a corporate service provider, licensed by the Malta Financial Services Authority (MFSA), that allows him to form companies or other legal entities, act as a director or secretary of a company, arrange for another person to act as a director/secretary of a company, and provide a registered office, business address, correspondence or administrative address or other related services for a body corporate or partnership.

Alan Attard (hereinafter, “Alan”, “we”, “us”, “our”, etc..) is sincerely committed to the protection of Personal Data collected from Data Subjects (hereinafter “Clients”, “you”, “your”) offline, through e.g. paper forms, contracts, statements (hereinafter “Forms”) or online, through the website www.alanattard.com (hereinafter “Website”) and through, for example, but not limited to, his (web) applications, software and digital tools (hereinafter “Applications”).

In accordance with the European General Data Protection Regulation (EU) 679/2016 (GDPR), in order to:

 

  • ensure transparency in the nature of the Personal Data we collect offline through Forms or online through the Website and/or through Applications;
  • ensure transparency in the use of Personal Data collected;
  • facilitate Data Subjects in the exercise of their rights;
  • therefore, hereby we set forth this Data Protection Policy.

The protection of your Personal Data matters to us. We aim to process your Personal Data in a lawful, appropriate and transparent manner.

Take your time to read this Data Protection Policy and its main key terms, that you will find hereby in capitalised form.

In this regard, if you have any questions or remarks, please email us on Alan@alanattard.com

 

1. DATA CONTROLLERS, JOINT DATA CONTROLLERS AND PROCESSORS

 

Alan Attard as established within the European Union are subject to the General Data Protection Regulation (EU) 679/2016 (GDPR) and to any upcoming legislation, in application of the above Regulation, entering into force in the member state in which they are established.
DATA CONTROLLERS

We inform you that any Personal Data you submit offline through Forms or online through the Website and/or the Applications is used for the purposes described below by Alan Attard., with registered office at Suite 1, Bramcote, Triq il Gonna, Swieqi, Malta in its capacity of Data Controller.

 

2.PERSONAL DATA WE COLLECT AND PURPOSES

 

We, to the extent necessary, collects, processes, registers, stores and transfers Data Subjects’ Personal Data provided offline through Forms or online through the Website and/or Applications while, for example, but not limited to: visiting the Website; using Applications; filling in offline or online registration Forms; reporting non-compliance; contacting Alan Attard; submitting job applications; clicking on social media buttons; providing feedback (e.g. on Forms, products, Applications, Website, customer service); answering to surveys and other activities.

Personal Data are collected either on a facultative basis or on a compulsory basis. If it is compulsory to provide the Personal Data, this will be marked accordingly. In case a Data Subject fails or denies providing the Personal Data that we marked as compulsory, as a consequence we will not be able to carry on the process or the activity requested by that Data Subject.

An example of Personal Data that is marked as compulsory is the situation in which a Data Subject wants to appoint Alan to submit registration Forms. In this case Alan needs some personal details in order to process the related request of registration.

 

If the Data Subject wishes to register but does not provide the personal details marked as compulsory, we will not be able to accept and process the request of registration.

We can collect Personal Data on a consent basis or without the consent of the involved Data Subject if: 1) a legal obligation must be fulfilled; or 2) a contract in which the Data Subject is party has to be performed or will be performed; or 3) there are Legitimate Interests, public interests or Vital Interests to protect; or 4) an authority has requested us to process Personal Data.

We can further process your Personal Data only:

 

  • if the purpose of the further Processing is compatible with the purpose of the initial collection of your Personal Data;
  • if you provide your consent to further Processing for a purpose which is new and not compatible with the purpose of the initial collection of your Personal Data.

Please find below, under subparagraphs 2.1. and 2.2., the Personal Data we collect and the purposes for which we collect them.

 

2.1. PERSONAL DATA WE COLLECT FROM YOU OR FROM THIRD PARTIES.

 

You can be asked to provide us, depending on the purpose of each Processing and to the extent necessary, different kind of Personal Data including, but not limited to, name, surname, date and place of birth, title, address, telephone, mobile, email address, language, country, nationality, identity card, driver’s license number, national registration number, passport number, curriculum information, police conduct, utility bill, bank statement, bank reference, professional reference, employer, occupation, client number, personal social media URL, credit card, preferences, interests, feedbacks.

You can also be asked to provide us, depending on the purpose of each Processing and to the extent necessary, some Special Categories of Personal Data (e.g.  trade union membership, Personal Data concerning health). We will process Special categories of Personal Data in accordance with GDPR on the basis of : 1) explicit consent of the Data Subject; or  2) fulfilment of legal obligations and/or exercise of the rights of the Controller or of the Data Subject in the field of employment and social security law; or 3) Vital Interests of the Data Subject; or 4) establishment, exercise or defence of legal claims; or 5) substantial Public Interest.

We also use Personal Data you provided to third parties, for example to service providers, or Personal Data that fall within the public domain such as commonly acknowledged Personal Data, Personal Data visible on your own website or blog or posted on your publicly accessible social media profile.

We may also receive Personal Data via third parties after mergers, acquisitions and any other transforming operation.

 

2.1.1 Purposes of the collection of Personal Data.

 

Once collected, we use such Personal Data mentioned above for a variety of purposes. Please find them listed below:

Business Administration and customer management.

We have to be able to perform contracts duly and properly and to carry out all the necessary statutory and accounting processes. Accordingly, we will need some Personal Data provided by Data Subjects offline through Forms or online through Website and Applications. In accordance with Regulation (EU) 679/2016, for the purpose of performing contracts, the consent of the Data Subject that is or is going to be a party to a contract is not required. The consent of the Data Subject is not required in case of duty to fulfil a legal obligation.

With regard to the management of relationship with customers and the provision of consumer services, we use Personal Data (e.g. name, country, nationality, email address, client number, credit card information) in order to:

  • assess whether it would be feasible to sell products or provide services to a customer before entering into a contract; or
  • process customers’ written requests, customers’ orders of products and services and requests of cash-back; or
  • identify and contact customers for a discount; or
  • inform customers about consumers’ rights and additional services related to the product or the service purchased; or
  • inform customers about our promotional campaigns and events and send out related invitations; or
  • manage the access on our premises, the Website and Applications; or
  • organise and execute service interventions for customers and installers; or
  • inform customers of an approaching deadline.

Supplier Administration.

We use Personal Data to keep records of suppliers and service providers, to register and manage purchase orders, business expenses and invoices provided by suppliers or service providers, acting on the basis of performing a contract/ fulfilling legal obligation.

Direct marketing.

We use collected Personal Data, Personal Data that is publicly available (e.g. information available on Internet, through results of the searches, social media results) or Personal Data received from third parties (e.g. Internet Service Providers) for direct marketing purposes and to attract new customers.

We perform direct marketing also with the aim of organising internal events, travels, presentations, meetings for employees, customers and Business Partners.

We do direct marketing through a variety of media including, without limitation, mobile’s text messaging, surveys, email, the Website, online adverts, database marketing, Applications and events.

We perform direct marketing on the basis of our Legitimate Interest of pursuing business objectives

We can do direct marketing in response to explicit consent of the Data Subject. If you do not want to receive a highly personalised offer, you should not consent to receiving direct marketing when asked to.

We commit ourself to ensure that direct marketing information is provided in a way that is clear and adequate and this by using the channel designated by the recipient in order to keep the inconvenience of being disturbed to a minimum.

Quality improvement of products and services.

We, based upon our Legitimate Interest to do business or the consent of Data Subjects, use Personal Data collected through Forms, job applications, surveys, inquiries, comments, feedback submitted to us, in order to: improve our products and services; carry out further surveys; develop analytical, risk, marketing and other models and to produce statistics. We also use your transaction details to develop global models and to perform analyses.

Example: We may need to process the number of people that have applied for a specific service.

In this regard, we commit as much as possible to aggregate Personal Data in anonymous or Pseudo Anonymous form to make sure that these Personal Data are not easily or are no longer identifiable as yours.

The practice of Processing Personal Data for statistical purposes is particularly justified by our desire to put in place strategic choices in order to better perform in the market and to provide you with better services.

Personal Data can also be used to assess, simplify and improve our processes, for example in order to optimise campaigns, procedures and sales, both offline or online, through the Website and/or through Applications.

Example: if you have not completed a procedure or the service process, we may contact you to find out what went wrong and whether we can help you. In this case we limit our contact to providing technical and administrative support for that specific procedure or process.

Recruitment and Selection.

For the purpose of recruiting talents, we collect Personal Data such as, but not limited to, name, email, phone number, curriculum information, URL to social media profile from open applicants and targeted applicants applying for example for job vacancies, international traineeship, student internship. This processing is allowed by the fact that applicants are voluntarily taking steps in order to enter into a contract with us.

The Personal Data provided by applicants (through filling in Forms or registering and creating a personal account on the Website or when entering Applications) will be used for Processing applications, contacting applicants for human resources management related activities, managing hiring processes (e.g. inviting applicants for interviews and for conducting written tests) and drafting employment contracts.

We commit ourselves to erase from its archives Personal Data belonging to applicants, who were not hired at the end of the selection process, when there is no legitimate reason to keep them.

Personnel Administration and Salary Benefits.

We use Personal Data, on the basis of performing an (employment) contract, for the purpose of managing personnel and particularly:

  • managing and keeping records of employment contracts and payroll; and/or
  • paying salaries; and/or
  • keeping records of employees’ attendance, travelling and training activities; and/or
  • communicating with health insurance companies; and/or
  • providing employees with insurances, company assets and salary benefits related to performances.

Bookkeeping and Accounting.

We use Personal Data, on the basis of performing a contract, for the purpose of bookkeeping and accounting and with the aim of:

  • keeping records of transactions; or
  • issuing invoices related to sales and services provided; or
  • filling in tax declarations and related forms in order to fulfil tax obligations; or
  • elaborating statistics on the basis of transactions’ records (for example regarding the number of transactions occurred and in which area); or
  • being compliant with applicable legislation and with regulatory requirements both at national, European and international level.

Legal Claims and Disputes.

We can use Personal Data as evidence and for ascertaining, exercising and safeguarding our rights or of those we represent (e.g. in disputes) before any jurisdiction of any country (for example, among others, our right of to defend ourselves from acts of unfair competition or our right to solicit the fulfilment of an unpaid invoice).

Fraud or Crime prevention.

We can also use Personal Data to prevent, detect and investigate crimes and cyber risks for Legitimate Interest or when a public authority requests to do so.

Corporate Business and Housekeeping.

We transmit the Personal Data collected with other companies or our Business Partners only when needed and in view of elaborating periodic reports on the outcome and business-related aspects, business plans and corporate strategies. The processing is based on our Legitimate Interest of doing business.

We process Personal Data of European Citizens that were lawfully collected by legal offices and other service providers unless there is no legal impediment (e.g. a duty of confidentiality or a provision in the data protection legislation).

We are committed to put in place all the appropriate measures for the protection of Personal Data with regard to intra group communications, in line with Regulation (EU) 679/2016.

 

2.2. PERSONAL DATA WE GET FROM YOUR USE OF THE WEBSITE AND/OR APPLICATIONS.

 

2.2.1 Purposes of the collection of Personal Data.

When you are visiting the Website and/or Applications, we may collect some of your Personal Data for the following purposes:

Easing the use of the Website and/or Applications.

By collecting some Personal Data (e.g., IP address, log-in data) on the basis of consent of the Data Subject or Legitimate Interest we are able to adapt the Website and/or the Applications more according to your needs.

Through the use of cookies, we will automatically collect some Personal Data such as, but not limited to, device-specific information (e.g. IP address, browser type), log on information (e.g. search queries), geo-localisation information (e.g. through Wi-fi access point) in order to facilitate the use of the Website and/or Applications and to increase your comfort while using them.

Example: in order to support and simplify your identification process, we may store your username and password through a Cookie, you do not have to enter your identification credentials or any personal details every visit. We may use different types of Cookies: necessary, functional, social plug-in tracking, third-party advertising, first-party analytics.

 

Monitoring of Data Subjects’ interests and preferences.

We may, within our Website and/or Applications, on the basis of consent of the Data Subject or Legitimate Interest can monitor in a systematic and regular way Personal Data through Automated Decision-Making technologies/Profiling and Cookies. This in order to evaluate certain personal aspects relating to a natural person, in particular to analyse and predict aspects concerning the natural person’s performance at work, economic situation, personal preferences, interests, reliability, behaviour, location or moments (geo-localisation).

 

3. WILL PERSONAL DATA COLLECTED BE DISCLOSED TO THIRD PARTIES?

 

For the above purposes, we may need services, counselling and/or assistance from third parties, including, but not limited to, maintenance of Applications and bug fixing, purchase of Applications, data hosting, counselling on compliance with laws and regulations, development of Applications, human resources services, supply services, Internet providers’ services, production of statistics and others.

In this regard, and only to the extent necessary, we can transmit or disclose Personal Data we collected to any natural person or legal entity, to subcontractors and business partners.

Every time we need to transmit or disclose some Personal Data we collected to third parties, except in case of Legitimate Interest of the third party, we will make sure to have in place a data processing agreement with this third party under the provisions of Regulation (EU) 679/2016, asking the third party to comply with the principles and the provisions of the same Regulation and to align on appropriate security standards.

 

4. TRANSFER PERSONAL DATA TO THIRD COUNTRIES (NON-EU)

 

Within the scope of the above described purposes we transmit and use the Personal Data collected, belonging to Data Subjects present in the European Union, with us and/or Business Partners established in any non-EU countries.

We inform you that we have arranged appropriate standard contractual clauses and appropriate safeguards regarding any transfer of Personal Data. In any case of transfer of Personal Data towards a non-EU country, we commit ourself to:

  • ensure an adequate level of protection by setting appropriate safeguards and complying with the provisions of Regulation (EU) 679/2016;
  • manage the transfer of Personal Data on the basis of:
    • a) European Commission’s adequacy decisions; if not
    • b) standard contractual clauses/ binding corporate rules; if not
    • c) code of conduct approved by the relevant supervisory authority/ official security certifications.
  • manage the transfer of Personal Data on the basis of consent of the Data Subject whose Personal Data has to be transferred or on the basis of derogations under article 49 of Regulation (EU) 679/2016 if the transfer cannot be executed on the basis of the above cases a), b), c).

5. STORAGE AND CRITERIA

 

We does not keep your Personal Data forever. We use your Personal Data to the extent necessary and only with the aim of pursuing the purposes described above. Once the aim no longer exists, we commit to delete the Personal Data, unless archiving them is required by law, at international, European or national level.

The starting point for storing your Personal Data is the statutory retention period (which is often ten years and lasts until the expiry of a contract or the end of a business relationship). The period can be longer where needed for the exercise of our rights.

If no retention period is stipulated by law, the retention period can be shorter in accordance to, but not limited to, one of the following criteria: contract length and legal obligations; business and organisational needs; long-term business relationship; pursuit of direct marketing; statistics.

Some insights only get clearer once they are viewed over a longer time span. For this reason, for some types of Personal Data a more extended time horizon may be necessary (e.g. for those needed in order to design marketing and risk models).

As has been stated, we commit as much as possible to work with aggregated, anonymised or Pseudo-Anonymised Personal Data and in all cases, it will cease the connections to individuals as quickly as possible.

 

6. YOUR RIGHTS AS DATA SUBJECT AND HOW TO EXERCISE THEM.

 

If you have any questions about the protection of your Personal Data or the exercise of your rights, you can contact us at any time by writing to us, by calling us, by sending via postal mail a specific Form or by submitting the Form available online under each “contact us” section throughout the Website and/or the Applications.

Once your Personal Data are subject to Processing, you have several rights as Data Subject that can be exercised, as listed below.

Be as specific as possible any time you wish to exercise your rights. We can only properly answer queries couched in sufficient detail. We will need to verify your identity in as much detail as possible, in order to avoid that someone else tries to exercise your rights. You will therefore be asked to provide a valid identification document when making such a request.

 

You can have access to your Personal Data

If you would like to access the Personal Data that we process about you or you want to know more about:

  • the purposes of our Processing;
  • the categories of Personal Data concerned;
  • the categories of recipient to whom the Personal Data have been or will be disclosed;
  • the envisaged period of storage or the criteria used to determine that period;
  • the Data Subject’s rights;
  • the rights you can exercise with respect to our Processing;
  • the existence of Automated Decision-Making, including Profiling, and envisaged consequences;

and any other available information about the Processing of your Personal Data, please fill in the website form.

We will use the Personal Data you provide us through the form only for the purpose of verifying and Processing your request.

If you exercise your right to access, we will give you as complete as possible a list or a copy of your Personal Data.

 

You can complete/rectify/erase/restrict the processing of your Personal Data

It can happen that certain Personal Data held on you by us are not (or have ceased to be) correct. It can also happen that you want to add something to the Personal Data you provided us. You can ask for your Personal Data to be rectified or completed at any time, by filling in the website form.

If you want us to erase your Personal Data your request will be processed, unless no impediment or incompatibility arise according to law or Legitimate Interests towards the deletion. You can obtain the restriction to the Processing of your Personal Data at any time, by filling in the website form.

 

You can withdraw your consent to Processing of your Personal Data

Please remember that every time you provide us with your consent to process your Personal Data, you can subsequently withdraw that consent at any time by following the suggested procedure and as easily as you gave it.

If you want to withdraw your consent, you can do it at any time by filling in the website form.

 

You can object to Processing or object to Processing by automatised decision-making systems

If you disagree with how we process certain Personal Data, you can object by filling in the website form. We shall process objections unless there are valid reasons not do so or reasons provided by law (for example, an objection will be declined if the Processing of Personal Data has been conducted in view of combating fraud).

If you disagree with Processing of your Personal Data based solely on Automated Decision-Making (including Profiling) which produces legal effects or affects similarly a Data Subject, you can object at any time by filling in the website form.

If you do not agree with the way we are Processing your Personal Data or you have other questions in this regard, you can always contact the Data Protection Authority of your country of residence.

 

7. DATA PROTECTION OFFICER

 

  • Alan Attard is currently the designed data protection officer for all his clients in his personal stead.

8. MINORS

 

Through its Website or Applications we do not process any Personal Data of natural persons aged under 16, neither do we make commercial offers to or tries to contact them, unless their legal representative has consented.

 

9. SECURITY MEASURES TO PROTECT PERSONAL DATA

 

We have implemented adequate security measures in order to maintain integrity and security and prevent accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed, in line with Regulation (EU) 679/2016.

 

10. PRIVACY BY DESIGN

 

We commit, before starting Processing activities using new technologies, to carry out data protection impact assessments in accordance with GDPR and by undertaking appropriate actions accordingly.

 

11. FURTHER CHANGES TO THIS DATA PROTECTION POLICY

 

We regularly seek to improve our efforts in protecting Personal Data. This Data Protection Policy can be changed or updated in light of upcoming legislations, both at international, European and national level.

We will inform you of all substantive changes of this Data Protection Policy via offline or online means (for example, via the Website, during your first visit or with each substantial update of this Data Protection Policy).

You can always find the most recent version of our Data Protection Policy available at www.alanattard.com/data-protection-policy.

 

Alan Attard  © 2019